LISTING OF CLAIMS:

The following listing of claims will replace all prior versions and listings of 
claims in the application. 

1. (Original) A method for the secure transmission of data from a distributor
to a client over a computer network, the method comprising: 

(a) encrypting the data using an encryption confidentiality key known 
to the client but not the distributor; 

(b) storing the encrypted data at the distributor; 

(c) generating a message by further encrypting the encrypted data 
using an encryption transmission key, the corresponding transmission decryption 
key being known to the client; and 

(d) transmitting the message to the client. 

2. (Original) A method as claimed in claim 1 in which, on receipt of the
message, the client confirms the integrity of the transmission by decrypting the message using
the transmission key.

3. (Original) A method as claimed in claim 2 in which the client confirms the
confidentiality of the data by decrypting the encrypted data using a confidentiality decryption
key corresponding to the confidentiality encryption key.

4. (Currently amended) A method as claimed in any one of claims claim 1 to
^ in which the data comprises or includes a cryptographic key.

5. (Currently amended) A method as claimed in any one of claims claim 1 to
3 in which the data comprises or includes a program.

6. (Currently amended) A method as claimed in any one of claims claim 1 to
^ in which the data comprises or includes license or configuration information.

7. (Currently amended) A method as claimed in any one of claims claim 1
to 4 in in which the distributor provides key management functions, for example key generation,
for the client.

8. (Currently amended) A method as claimed in any one of claims claim 1
to 4 in in which the client is adapted to use cryptographic keys but not to generate them, instead
requesting a key from the distributor as required.

9. (Currently amended) A method as claimed in claim 1 any one of the
preceding claims in which the distributor comprises a repository in communication with a
plurality of providers, each provider being responsible for sending messages to one of a plurality
of clients.

10. (Currently amended) A method as claimed in any one of claims claim 1 to
9 in which the encrypted data is stored in a non-secure part of the repository.

11. (Currently amended) A method as claimed in any one of claims claim 1 to
9 in which the providers include respective insecure computers which relay to the users messages
generated by the repository.

12. (Currently amended) A method as claimed in any one of claims claim 1 to
9 in which the providers include respective secure computers.

13. (Currently amended) A method as claimed in any one of claims claim 1 to
a in which each secure computer within a provider generates messages using a cryptographic
key obtained from the repository.

14. (Original) A method as claimed in claim 9 in which encrypted data held
within the repository is divided into data sets, each data set being associated with a respective 
policy which defines how the data within the data set may be used. 

15. (Original) A method as claimed in claim 14 in which data from a 
particular data set, when sent by the provider, is accompanied by the respective policy. 

16. (Original) A method as claimed in claim 15 in which the policy is run by
the provider.

17. (Currently amended) A method as claimed in claim 14 6^44 in which the
policy is run by the client.

18. (Original) A method as claimed in claim 14 in which the policy is run by
the repository.

19. (Original) A method as claimed in claim 9 in which a plurality of regions
are defined within the repository, each region containing information on the secure computers
that are permitted to make requests for or otherwise manipulate data held by the repository.

20. (Original) A method as claimed in claim 9 in which the said secure 
computers include that of the provider. 

21. (Original) A method as claimed in claim 9 in which the said secure
computers include those of the clients. 

22. (Currently amended) A method as claimed in claim 19 when dependent
upon claim 11 in which encrypted data held within the repository is divided into data sets, each
data set being associated with a respective policy which defines how the data within the data set
may be used and in which each region further includes a plurality of data sets.

23. (Currently amended) A method as claimed in claim 19 when dependent
upon claim 14 in which encrypted data held within the repository is divided into data sets, each
data set being associated with a respective policy which defines how the data within the data set
may be used and in which each region is associated with a respective region policy which defines
how the information within the region may be used.

24. (Currently amended) A method as claimed in claim 19 when dependent
upon claim 14 in which encrypted data held within the repository is divided into data sets, each
data set being associated with a respective policy which defines how the data within the data set
may be used and in which each region further contains one or more authority groups, the or each
group defining a set of secure computers that are permitted to carry out certain tasks.

25. (Original) A method as claimed in claim 24 in which a given secure 
computer may belong to a plurality of authority groups. 

26. (Original) A method as claimed in claim 24 in which each region includes
a region authority group which is responsible for administrative functions relating to its
respective region.

27. (Original) A method as claimed in claim 26 in which the region authority
group is responsible for revoking a secure computer from a region.

28. (Original) A method as claimed in claim 24 in which the information
within the or each authority group is encrypted and is confidential from the repository.

29. (Original) A method as claimed in claim 19 in which the information
within the or each authority group is encrypted and is confidential from the provider.

30. (Original) A method as claimed in claim 19 in which the information
within each authority group, when there is more than one such group, is encrypted and is
confidential from other groups.

31. (Original) A computer security module having means for receiving from a
sender a message comprising twice-encrypted data, means for confirming the integrity of the
message by decrypting it according to a protocol known to both the module and the sender, and
means for confirming that the confidentiality of the data has been preserved by further
decrypting the decrypted message using a secret known to the module but not to the sender.

32. (Original) A computer system including a plurality of clients, each having 
a security module as claimed in claim 31, and a provider arranged to send messages, as required, 
to the said clients. 

33. (Original) A computer system as claimed in claim 32 in which the 
provider includes a secure computer. 

34. (Currently Amended) A computer system as claimed in claim 33 in which
the secure computer within the provider includes a the security module as claimed in claim 31.

35. (Currently Amended) A computer system as claimed in any one of claims
claim 32 te-54 including a plurality of providers, and a repository arranged to send data, as
required, to the said providers.

36. (Original) A computer system as claimed in claim 32 in which encrypted 
data is stored at the provider, and is re-encrypted prior to being sent as a message to the client. 

37. (Original) A computer system as claimed in claim 35 in which encrypted 
data is stored at the repository, and is re-encrypted prior to being sent as messages to the 
providers. 

38. (Currently amended) A computer system as claimed in any one of claims
claim 31 te-^ in which encrypted data is stored in a non-secure part of the repository.

39. (Original) A computer system as claimed in claim 35 in which the
providers comprise respective insecure computers which relay to the users messages generated 
by the repository. 

40. (Original) A computer system as claimed in claim 35 in which encrypted 
data held within the repository is divided into data sets, each data set being associated with a 
respective policy which defines how the data within the data set may be used.

41. (Original) A computer system as claimed in claim 40 in which data from a 
particular data set, when sent by the provider, is accompanied by the respective policy. 

42. (Original) A computer system as claimed in claim 41 in which the policy 
is run by the provider. 

43. (Currently Amended) A computer system as claimed in claim 41 or 42 in
which the policy is run by the client. 

44. (Original) A computer system as claimed in claim 40 in which the policy 
is run by the repository. 

45. (Original) A computer system as claimed in claim 35 in which a plurality
of regions are defined with the repository, each region containing information on the secure 
computers that are permitted to make requests for or otherwise manipulate data held by the 
repository. 

46. (Currently amended) A computer system as claimed in claim 45 when
dependent upon claim 33 in which the said secure computers include that of the provider.

47. (Currently amended) A computer system as claimed in claim 45 when
dependent on claim 2 in which, on receipt of the message, the client confirms the integrity of the
transmission by decrypting the message using the transmission key and in which the said secure
computers include those of the clients.

48. (Currently amended) A computer system as claimed in claim 45 when
dependent upon claim 10 in which encrypted data held within the repository is divided into data
sets, each data set being associated with a respective policy which defines how the data within 
the data set may be used and in which each region further includes a plurality of data sets. 

49. (Original) A computer system as claimed in claim 45 in which each region 
is associated with a respective region policy which defines how the information within the region 
may be used. 

50. (Original) A computer system as claimed in claim 45 in which each region 
further contains one or more authority groups, the or each group defining a set of secure 
computers that are permitted to carry out certain tasks. 

51. (Original) A computer system as claimed in claim 50 in which a given
secure computer may belong to a plurality of authority groups. 

52. (Original) A computer system as claimed in claim 50 in which each region 
includes a region authority group which is responsible for administrative functions relating to its 
respective region. 

53. (Original) A computer system as claimed in claim 52 in which the region 
authority group is responsible for revoking a secure computer from a region.

54. (Original) A computer system as claimed in claim 50 in which the
information within the or each authority group is encrypted and is confidential from the
repository.

55. (Original) A computer system as claimed in claim 50 in which the
information within the or each authority group is encrypted and is confidential from the provider.

56. (Original) A computer system as claimed in claim 50 in which the
information within each authority group, when there is more than one such group, is encrypted 
and is confidential from the other group. 

57. (Original) A method for the secure transmission of data to a client, over a 
computer network, the method comprising: 

(a) providing, at a remote data distributor, encrypted data the 
decryption of which requires knowledge of a secret known to the client; 

(b) opening a secure channel between the distributor and the client, the
channel defining a cryptographic protocol agreed by both the distributor and client; 

(c) at the distributor, further encrypting the encrypted data according 
to the protocol to generate a secure message, and transmitting the message to the client; and 

(d) at the client: 

(i) confirming the integrity of the transmission by decrypting 
the message according to the protocol; and 

(ii) recovering the data by decrypting the encrypted data using
the secret.

58. (Original) A method as claimed in claim 57 in which the data comprises or 
includes a cryptographic key. 

59. (Original) A method as claimed in claim 58 in which the distributor 
provides key management functions, for example key generation, for the client. 

60. (Original) A method as claimed in claim 58 in which the client is adapted 
to use cryptographic keys but not to generate them, instead requesting a key from the distributor 
as required. 

61. (Original) A method as claimed in claim 58 in which the key is used in a
secure process by the client. 

62. (Original) A method as claimed in claim 57 in which the data comprises or 
includes a program. 

63. (Original) A method as claimed in claim 57 in which the data comprises or 
includes licence or configuration information. 

64. (Currently amended) A method as claimed in any one of claims claim 57 
te-6^ in which the secret known to the client is not known to the distributor. 

65. (Original) A method as claimed in claim 64 in which the 
distributor generates the message by calculating encrypt(wrap({Ke-decrypt}, Kw-wrap), Ks)
where: 

(i) wrap (a,b) denotes 'wrap key a with key b', 

(ii) Ke-decrypt is the decryption key corresponding to an encryption 
key Ke-encrypt with which the data was encrypted, 

(iii) Ks is a session key generated according to the said protocol, and 

(iv) Kw-wrap is a wrapping key. 

66. (Original) A method as claimed in claim 64 in which the distributor
generates the message by calculating Encrypt (B,Ks) Where where: B has been received by the
distributor in advance by some secure process, B being defined by wrap({Ke-decrypt}, Kw-wrap)
Where where:

(i) wrap (a,b) denotes 'wrap key a with key b',

(ii) Ke-decrypt is the decryption key corresponding to an encryption
key Ke-encrypt with which the data was encrypted,

(iii) Ks is a session key generated according to the said protocol, and

(iv) Kw-wrap is a wrapping key. 

67. (Currently amended) A method as claimed in claim 65 eF-66 in which the 
client has a symmetric entity confidentiality key, Kec-secret, which has been securely transferred 
in advance to the distributor, the distributor then using Kec-secret as Kw-wrap. 

68. (Currently amended) A method as claimed in claim 65 or claim 66 in
which the client has an asymmetric entity confidentiality key pair, Kec-public/Kec-private,
Kec-public having been securely transferred in advance to the distributor, the distributor then using
Kec-public as Kw-wrap.

69. (Original) A method as claimed in claim 64 in which the message 
generation includes wrapping the encrypted data with a symmetric entity confidentiality key 
which has been securely transferred in advance to the distributor. 

70. (Original) A method as claimed in claim 64 in which the message 
generation includes wrapping the encrypted data with the public part of an asymmetric entity 
confidentiality key pair, the said public part having been securely transferred in advance to the 
distributor. 

71. (Original) A method as claimed in claim 69 in which the distributor holds
the said public part of the key pair confidential. 
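
Added example, not part of the application or of any implementation by the applicant: the message of claims 65 and 66, Encrypt(wrap({Ke-decrypt}, Kw-wrap), Ks), built by a distributor and opened by a client. The HMAC-SHA256 encrypt-then-MAC construction stands in for a real authenticated cipher, and the function names and randomly generated keys are assumptions made for illustration.

```python
import hashlib, hmac, os

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode as a keystream (stand-in cipher, an assumption)
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, data):
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    """Verify the tag, then decrypt; raises ValueError on any mismatch."""
    if len(blob) < 48:
        raise ValueError("message too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def wrap(a, b):
    """'wrap key a with key b' in the notation of claims 65 and 66."""
    return seal(b, a)

def distributor_message(B, ks):
    """Claim 66: the distributor holds only B and Ks and sends Encrypt(B, Ks)."""
    return seal(ks, B)

def client_receive(message, ks, kw_wrap):
    """Outer layer confirms transmission integrity, inner layer recovers the key."""
    B = unseal(ks, message)
    return unseal(kw_wrap, B)

def demo():
    kw_wrap = os.urandom(32)       # constructed: secret held by the client
    ke_decrypt = os.urandom(32)    # constructed: the key being delivered
    ks = os.urandom(32)            # constructed: session key from the channel
    B = wrap(ke_decrypt, kw_wrap)  # prepared in advance, outside the distributor
    msg = distributor_message(B, ks)
    return ke_decrypt, client_receive(msg, ks, kw_wrap), msg, ks, kw_wrap
```

A party that knows Ks but not Kw-wrap can strip the outer layer and still fails the inner integrity check, which is the separation between transmission integrity and data confidentiality that claims 2 and 3 describe.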